CVE-2012-5643

Upstream information

CVE-2012-5643 at MITRE

Description

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

---

SUSE information

CVSS v2 Scores

	National Vulnerability Database
Base Score	4.96
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

SUSE Bugzilla entries: 794954 [RESOLVED / FIXED], 796999 [RESOLVED / FIXED]

SUSE Security Advisories:

• SUSE-SU-2013:0327-1, published Fri Feb 22 12:04:24 MST 2013
• SUSE-SU-2013:0327-2, published Mon Feb 25 14:04:22 MST 2013
• SUSE-SU-2016:1996-1, published Tue, 9 Aug 2016 17:12:26 +0200 (CEST)
• SUSE-SU-2016:2089-1, published Tue, 16 Aug 2016 18:08:55 +0200 (CEST)
• openSUSE-SU-2013:0162-1, published Wed, 23 Jan 2013 14:06:34 +0100 (CET)
• openSUSE-SU-2013:0186-1, published Wed, 23 Jan 2013 20:04:23 +0100 (CET)
• openSUSE-SU-2013:1436-1, published Fri, 13 Sep 2013 10:05:08 +0200 (CEST)
• openSUSE-SU-2013:1443-1, published Fri, 13 Sep 2013 18:04:14 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Server 11 SP2	squid >= 2.7.STABLE5-2.12.12.1 squid3 >= 3.1.12-8.12.1	Patchnames: slessp2-squid slessp2-squid3
SUSE Linux Enterprise Server 11 SP4	squid3 >= 3.1.23-8.16.30.1	Patchnames: slessp4-squid3-12701
SUSE Linux Enterprise Server for VMWare 11 SP2	squid >= 2.7.STABLE5-2.12.12.1 squid3 >= 3.1.12-8.12.1	Patchnames: slessp2-squid slessp2-squid3
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	squid3 >= 3.1.12-8.12.1	Builds SAT Patch Nr: 7336
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86	squid >= 2.5.STABLE12-18.13.982.4.1	Builds ZYPP Patch Nr: 8464
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	squid >= 2.7.STABLE5-2.12.12.1	Builds SAT Patch Nr: 7335
openSUSE Evergreen 11.4	squid >= 2.7.STABLE6-10.17.1 squid-debuginfo >= 2.7.STABLE6-10.17.1 squid-debugsource >= 2.7.STABLE6-10.17.1 squid3 >= 3.1.23-15.1 squid3-debuginfo >= 3.1.23-15.1 squid3-debugsource >= 3.1.23-15.1	Patchnames: 2013-10 2013-132